[2889] in bugtraq


Re: portmapper dangers

daemon@ATHENA.MIT.EDU (Wietse Venema)
Thu Jul 4 15:03:18 1996

Date: 	Thu, 4 Jul 1996 20:15:54 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Wietse Venema <wietse@wzv.win.tue.nl>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

der Mouse <mouse@Collatz.McRCIM.McGill.EDU> writes:

>The dangers, according to the code changes I saw, are that the
>portmapper will accept set and unset requests from other than the local
>machine, and that it will accept set and unset requests for reserved
>ports from clients not themselves running on reserved ports.

Interesting, my portmapper changes look up the request source address
and drop anything that does not match a local interface address.

>I don't know what the hell he's found.  He told me he had found portmap
>bugs, bad ones that he almost had to break binary compatibility to fix.
>I asked about revealing them, he said he didn't want to 'cause 8lgm got
>so badly flamed for giving out bug info.

Perhaps someone is willing to help me fix this problem? All I have to
work from now are rumors that I cannot verify.

If it's source address spoofing I wouldn't bother. With AUTH_SYS and
AUTH_NONE, all portmappers are vulnerable to spoofing by definition.

        Wietse
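
The two checks discussed in this message (drop set/unset requests whose source is not a local interface address, and refuse reserved-port registrations from clients on unreserved ports), sketched as an added example that is not code from the original post or from any portmapper source. The names `is_local_addr`, `allow_request` and `demo` and the sample addresses are assumptions made for illustration; the decision trusts the source address as received, which is the spoofing limitation the message points out.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>

/* Portmapper version 2 procedure numbers (RFC 1057). */
enum { PMAP_SET = 1, PMAP_UNSET = 2, PMAP_GETPORT = 3 };
#define RESERVED_LIMIT 1024 /* ports below this require root to bind */

/* Hypothetical helper: does addr match one of this host's interface
 * addresses? A daemon would collect `local` from its interface list. */
static int is_local_addr(struct in_addr addr, const struct in_addr *local, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (local[i].s_addr == addr.s_addr)
            return 1;
    return 0;
}

/* Returns 1 to process the request, 0 to drop it. `port` is the port the
 * mapping refers to (assumption: the caller resolves it for UNSET). */
int allow_request(const struct sockaddr_in *from, unsigned long proc,
                  unsigned long port, const struct in_addr *local, size_t n)
{
    if (proc != PMAP_SET && proc != PMAP_UNSET)
        return 1; /* lookups are not restricted by these checks */
    if (!is_local_addr(from->sin_addr, local, n))
        return 0; /* set/unset from a non-local source address */
    if (port < RESERVED_LIMIT && ntohs(from->sin_port) >= RESERVED_LIMIT)
        return 0; /* reserved port requested by an unprivileged client */
    return 1;
}

/* Constructed sample host: loopback plus 192.0.2.10 (documentation range). */
int demo(const char *src_ip, unsigned src_port, unsigned long proc, unsigned long port)
{
    struct in_addr local[2];
    struct sockaddr_in from = { .sin_family = AF_INET, .sin_port = htons((unsigned short)src_port) };
    inet_pton(AF_INET, "127.0.0.1", &local[0]);
    inet_pton(AF_INET, "192.0.2.10", &local[1]);
    if (inet_pton(AF_INET, src_ip, &from.sin_addr) != 1)
        return 0; /* unparsable source: drop */
    return allow_request(&from, proc, port, local, 2);
}

int main(void)
{
    printf("local unprivileged SET of port 111: %d\n", demo("127.0.0.1", 40000, PMAP_SET, 111));
    printf("remote UNSET of port 3000: %d\n", demo("198.51.100.7", 900, PMAP_UNSET, 3000));
    return 0;
}
```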